A major problem facing modern computing systems and communications systems is the prevalence of malicious websites. Herein, malicious websites include, but are not limited to: any websites that are associated with phishing; any websites that offer undesirable content; any websites associated with virus and/or other malware propagation; any website a user is directed to without the user's consent; and/or any website that a user can access and/or be redirected to, that contains harmful and/or undesirable content. Herein, malware includes, but is not limited to, any software and/or code designed to infiltrate a computing system without the owner's informed and/or explicit consent. Some of the better known forms of malware include computer viruses and spyware.
One conventional method for protecting users from malicious websites is to employ a security system, typically in the form of a software application, and/or hardware, installed either on a given “protected” computing system or on a server system associated with the given computing system.
Many conventional security systems attempt to identify malicious websites and block a user from accessing malicious websites and/or warn a user before allowing the user access to the malicious websites. One way conventional security systems attempt to identify malicious websites is to analyze and classify malicious websites as either potential safe/legitimate websites or potential malicious websites. Conventionally this is accomplished by creating a list of known malicious websites and/or analyzing data associated with a given website and comparing various characteristics of given website with characteristics of known malicious websites and/or known legitimate malicious websites. It follows that in order for conventional security systems to identify malicious websites based on the type of comparison analysis described above, the security systems must have one or more sources of knowledge/data regarding characteristics of identified malicious websites, or legitimate websites, to make the comparison. However, in many cases, these sources of knowledge/data regarding characteristics of identified malicious websites, or legitimate websites, are limited in the type of information they can provide and how quickly the information can be obtained.
For instance, in cases of new websites that are not similar enough to identified malicious websites, or legitimate websites, there is often no reliable source of knowledge/data regarding characteristics of identified malicious websites, or legitimate websites, that is of significant use for making a comparative analysis, at least when the new websites first appear. Consequently, a significant amount of time may pass before enough reliable data can be collected, and/or analysis can be performed, to make a reasonable classification of a new website.
As a result of the situation described above, many new websites, both malicious websites and legitimate websites, are currently incorrectly classified using conventional security systems. As a result, using conventional security systems, legitimate websites are often incorrectly classified as potential malicious websites and are therefore blocked, often to the annoyance of the end user, or malicious websites are potentially not identified, thus leaving numerous computing systems susceptible to infiltration and/or or damage.